PTC Kepware KepServerEX (Update A)

🗓️ 31 Aug 2023 06:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 125 Views

PTC Kepware KepServerEX (Update A) has critical vulnerabilities, including DLL search order hijacking, improper input validation, and insufficiently protected credentials, leading to code execution, privilege escalation, and credential theft

Reporter	Title	Published	Views	Family All 40
Circl	CVE-2023-29444	10 Jan 202418:27	–	circl
Circl	CVE-2023-29445	10 Jan 202422:32	–	circl
Circl	CVE-2023-29446	10 Jan 202422:32	–	circl
Circl	CVE-2023-29447	10 Jan 202422:32	–	circl
CNNVD	PTC Kepware KEPServerEX Input Validation Error Vulnerability	1 Sep 202300:00	–	cnnvd
CNNVD	PTC Kepware KEPServerEX Security Vulnerability	1 Sep 202300:00	–	cnnvd
CNNVD	PTC Kepware KEPServerEX Security Vulnerability	1 Sep 202300:00	–	cnnvd
CNNVD	PTC Kepware KEPServerEX Security Vulnerability	1 Sep 202300:00	–	cnnvd
CVE	CVE-2023-29444	10 Jan 202417:06	–	cve
CVE	CVE-2023-29445	10 Jan 202420:17	–	cve

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-243-03.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-243-03
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/topics/industrial-control-systems
cisa	www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
cisa	www.cisa.gov/uscert/ncas/tips/ST04-014
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B